The subject matter discussed in the background section should not be assumed to be prior art merely as a result of its mention in the background section. Similarly, a problem mentioned in the background section or associated with the subject matter of the background section should not be assumed to have been previously recognized in the prior art. The subject matter in the background section merely represents different approaches, which in and of themselves may also be inventions.
A client-server model is a computing model which divides tasks between the providers of a resource or service, called servers, and resource or service requesters, called clients. Clients and servers communicate over a computer network. A server is a host computer that runs server programs which share their resources or services with clients. Such a server program may be referred to as an application program, or application for short, which can be a computer program designed to perform a set of coordinated functions, tasks, or activities for the benefit of the user who requests service or resources through a client. An application contrasts with system software, which is mainly involved with running a computer. Clients initiate communication sessions with servers which await incoming requests. Functions such as email exchange, web access, and database access are typically built on the client-server model.
During the setup of an application, an administrator or developer may have to configure many different security settings for their application. Enterprises that provide servers which host applications may provide detailed documentation, training, and education to ensure that application administrators and/or developers stay up to date with how to use and configure security settings. However, application administrators and/or developers may not fully understand what to implement as security requirements because security threats keep constantly changing. Consequently, an administrator or developer may pay a security expert to periodically conduct a security audit for the administrator's or developer's application. The security expert may make security recommendations based on the security audit, and the administrator or developer may attempt to implement these security recommendations.
The worst case scenario is for the application or the website to be hacked and the contents leaked to unauthorized users. The security expert can provide a throughout assessment providing detailed recommendations for implementation changes. These recommendations can include a better use of cryptographic functions and modules that are not vulnerable to simple attacks, a secure data sharing model, additional authentication for different user roles and profiles within the application or the website, proper authorization, and an audit trail model, to name a few.